cURL -- inappropriate GSSAPI delegation

Details

VuXML ID

9aecb94c-c1ad-11e3-a5ac-001b21614864

Discovery

2011-06-23

Entry

2014-04-11

Modified

2014-04-30

cURL reports:

When doing GSSAPI authentication, libcurl unconditionally performs
credential delegation. This hands the server a copy of the client's
security credentials, allowing the server to impersonate the client
to any other using the same GSSAPI mechanism.